Merge branch 'bugfix/rich-media-uri-validation' into 'develop'
rich media: don't crawl bogus URIs See merge request pleroma/pleroma!864
This commit is contained in:
commit
682cc94db1
2 changed files with 76 additions and 0 deletions
|
@ -8,10 +8,24 @@ defmodule Pleroma.Web.RichMedia.Helpers do
|
||||||
alias Pleroma.HTML
|
alias Pleroma.HTML
|
||||||
alias Pleroma.Web.RichMedia.Parser
|
alias Pleroma.Web.RichMedia.Parser
|
||||||
|
|
||||||
|
defp validate_page_url(page_url) when is_binary(page_url) do
|
||||||
|
if AutoLinker.Parser.is_url?(page_url, true) do
|
||||||
|
URI.parse(page_url) |> validate_page_url
|
||||||
|
else
|
||||||
|
:error
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
defp validate_page_url(%URI{authority: nil}), do: :error
|
||||||
|
defp validate_page_url(%URI{scheme: nil}), do: :error
|
||||||
|
defp validate_page_url(%URI{}), do: :ok
|
||||||
|
defp validate_page_url(_), do: :error
|
||||||
|
|
||||||
def fetch_data_for_activity(%Activity{} = activity) do
|
def fetch_data_for_activity(%Activity{} = activity) do
|
||||||
with true <- Pleroma.Config.get([:rich_media, :enabled]),
|
with true <- Pleroma.Config.get([:rich_media, :enabled]),
|
||||||
%Object{} = object <- Object.normalize(activity.data["object"]),
|
%Object{} = object <- Object.normalize(activity.data["object"]),
|
||||||
{:ok, page_url} <- HTML.extract_first_external_url(object, object.data["content"]),
|
{:ok, page_url} <- HTML.extract_first_external_url(object, object.data["content"]),
|
||||||
|
:ok <- validate_page_url(page_url),
|
||||||
{:ok, rich_media} <- Parser.parse(page_url) do
|
{:ok, rich_media} <- Parser.parse(page_url) do
|
||||||
%{page_url: page_url, rich_media: rich_media}
|
%{page_url: page_url, rich_media: rich_media}
|
||||||
else
|
else
|
||||||
|
|
62
test/web/rich_media/helpers_test.exs
Normal file
62
test/web/rich_media/helpers_test.exs
Normal file
|
@ -0,0 +1,62 @@
|
||||||
|
defmodule Pleroma.Web.RichMedia.HelpersTest do
|
||||||
|
use Pleroma.DataCase
|
||||||
|
|
||||||
|
alias Pleroma.Web.CommonAPI
|
||||||
|
|
||||||
|
import Pleroma.Factory
|
||||||
|
import Tesla.Mock
|
||||||
|
|
||||||
|
setup do
|
||||||
|
mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
|
||||||
|
:ok
|
||||||
|
end
|
||||||
|
|
||||||
|
test "refuses to crawl incomplete URLs" do
|
||||||
|
user = insert(:user)
|
||||||
|
|
||||||
|
{:ok, activity} =
|
||||||
|
CommonAPI.post(user, %{
|
||||||
|
"status" => "[test](example.com/ogp)",
|
||||||
|
"content_type" => "text/markdown"
|
||||||
|
})
|
||||||
|
|
||||||
|
Pleroma.Config.put([:rich_media, :enabled], true)
|
||||||
|
|
||||||
|
assert %{} == Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(activity)
|
||||||
|
|
||||||
|
Pleroma.Config.put([:rich_media, :enabled], false)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "refuses to crawl malformed URLs" do
|
||||||
|
user = insert(:user)
|
||||||
|
|
||||||
|
{:ok, activity} =
|
||||||
|
CommonAPI.post(user, %{
|
||||||
|
"status" => "[test](example.com[]/ogp)",
|
||||||
|
"content_type" => "text/markdown"
|
||||||
|
})
|
||||||
|
|
||||||
|
Pleroma.Config.put([:rich_media, :enabled], true)
|
||||||
|
|
||||||
|
assert %{} == Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(activity)
|
||||||
|
|
||||||
|
Pleroma.Config.put([:rich_media, :enabled], false)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "crawls valid, complete URLs" do
|
||||||
|
user = insert(:user)
|
||||||
|
|
||||||
|
{:ok, activity} =
|
||||||
|
CommonAPI.post(user, %{
|
||||||
|
"status" => "[test](http://example.com/ogp)",
|
||||||
|
"content_type" => "text/markdown"
|
||||||
|
})
|
||||||
|
|
||||||
|
Pleroma.Config.put([:rich_media, :enabled], true)
|
||||||
|
|
||||||
|
assert %{page_url: "http://example.com/ogp", rich_media: _} =
|
||||||
|
Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(activity)
|
||||||
|
|
||||||
|
Pleroma.Config.put([:rich_media, :enabled], false)
|
||||||
|
end
|
||||||
|
end
|
Loading…
Reference in a new issue